Conceptual overview of OAuth 2.0 and OIDC

This chapter presents an overview of the implementation of OAuth 2.0 and OIDC in Airlock IAM.

Architecture of the authorization server

The following picture shows the fundamental concept of the new implementation of the OAuth 2.0 and OIDC Authorization Server.

[Figure: Authorization Server 2]

The architectural design of the implementation shown above leads to the following characteristics:

  • One instance of Airlock IAM can support an unlimited number of authorization servers
  • Every authorization server is configured separately in Airlock IAM
  • Each authorization server can support an unlimited number of clients
  • Clients can be configured statically within the authorization server configuration
  • Clients can be registered dynamically through the DCR (Dynamic Client Registration) protocol
  • Each client must have a client-id that is unique within its authorization server